<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
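<meta name="description" content="tcpdump common options   tcpdump -D lists the interfaces available for capture
  -i &lt;eth0&gt; selects the network interface; list them with tcpdump -D
  -c &lt;n&gt; exits after capturing the specified number of packets
  -w &lt;file.pcap&gt; writes the data to disk; the file can be opened in Wireshark for analysis
  -s &lt;snaplen&gt; defaults to 64 bytes; setting it to 0 automatically chooses a suitable length for capturing packets
  -v | -vv | -vvv prints more detailed information
  Specific protocol  tcpdump tcp tcpdump udp  Specific IP or host  tcpdump host &lt;ip&gt; tcpdump host &lt;ip1&gt; and &lt;ip2&gt; captures traffic between ip1 and ip2 tcpdump dst [host] &lt;ip&gt; captures outbound traffic (requests only, no responses) tcpdump src [host] &lt;ip&gt; captures inbound traffic (responses only, no requests)   Specific port   tcpdump port &lt;port&gt;"><meta property="og:title" content="" />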
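<meta property="og:description" content="tcpdump common options   tcpdump -D lists the interfaces available for capture
  -i &lt;eth0&gt; selects the network interface; list them with tcpdump -D
  -c &lt;n&gt; exits after capturing the specified number of packets
  -w &lt;file.pcap&gt; writes the data to disk; the file can be opened in Wireshark for analysis
  -s &lt;snaplen&gt; defaults to 64 bytes; setting it to 0 automatically chooses a suitable length for capturing packets
  -v | -vv | -vvv prints more detailed information
  Specific protocol  tcpdump tcp tcpdump udp  Specific IP or host  tcpdump host &lt;ip&gt; tcpdump host &lt;ip1&gt; and &lt;ip2&gt; captures traffic between ip1 and ip2 tcpdump dst [host] &lt;ip&gt; captures outbound traffic (requests only, no responses) tcpdump src [host] &lt;ip&gt; captures inbound traffic (responses only, no requests)   Specific port   tcpdump port &lt;port&gt;" />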
<meta property="og:type" content="article" />
<meta property="og:url" content="https://hello-world-example.github.io/linux/docs/200_Command/230_Network/tcpdump/" />
<meta property="article:modified_time" content="2022-12-11T01:38:37+08:00" />
<title>Tcpdump | Linux</title>
<link rel="icon" href="/linux/favicon.png" type="image/x-icon">


<link rel="stylesheet" href="/linux/book.min.00b8e784201abfe629a6e0741e94bf44575af8612aec171d94e4ecbd3692cf5c.css" integrity="sha256-ALjnhCAav&#43;YppuB0HpS/RFda&#43;GEq7BcdlOTsvTaSz1w=">


<!--
Made with Book Theme
https://github.com/alex-shpak/hugo-book
-->

  
</head>

<body>
  <input type="checkbox" class="hidden" id="menu-control" />
  <main class="container flex">
    <aside class="book-menu">
      
  <nav>
<h2 class="book-brand">
  <a href="/linux"><span>Linux</span>
  </a>
</h2>












  

  
  





 
  
    




  
  <ul>
    
      
        

  <li>
    

  
  <a href="/linux/docs/100_Shell/" class="collapsed ">Shell</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/" class="collapsed ">Command</a>
  


    




  
  <ul>
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/210_Common/" class="collapsed ">Common tools</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/220_Troubleshooting/" class="collapsed ">Troubleshooting</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/230_Network/" class="collapsed ">Network</a>
  


    




  
  <ul>
    
      
        <li>

  
  <a href="/linux/docs/200_Command/230_Network/ssh/" class="">Ssh</a>
  

</li>
      
    
      
        <li>

  
  <a href="/linux/docs/200_Command/230_Network/ssh/turnnel/" class="">Tunnel</a>
  

</li>
      
    
      
        <li>

  
  <a href="/linux/docs/200_Command/230_Network/tcpdump/" class="active">Tcpdump</a>
  

</li>
      
    
  </ul>
  



  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/240_Disk/" class="collapsed ">Disk</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/250_String/" class="collapsed ">String operations</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/260_Auth/" class="collapsed ">Accounts and permissions</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/270_Package/" class="collapsed ">Package..</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/280_System/" class="collapsed ">System administration</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/200_Command/290_Compression/" class="collapsed ">Compression and extraction</a>
  


    






  </li>


      
    
  </ul>
  



  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/300_Configuration/" class="collapsed ">Files and configuration</a>
  


    






  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/900_FAQ/" class="">FAQ</a>
  


    




  
  <ul>
    
  </ul>
  



  </li>


      
    
      
        

  <li>
    

  
  <a href="/linux/docs/999_Links/" class="">Links 🔗</a>
  


    




  
  <ul>
    
  </ul>
  



  </li>


      
    
  </ul>
  



  
















</nav>




  <script>(function(){var menu=document.querySelector("aside.book-menu nav");addEventListener("beforeunload",function(event){localStorage.setItem("menu.scrollTop",menu.scrollTop);});menu.scrollTop=localStorage.getItem("menu.scrollTop");})();</script>


 
    </aside>

    <div class="book-page">
      <header class="book-header">
        
  <div class="flex align-center justify-between">
  <label for="menu-control">
    <img src="/linux/svg/menu.svg" class="book-icon" alt="Menu" />
  </label>

  <strong>Tcpdump</strong>

  <label for="toc-control">
    <img src="/linux/svg/toc.svg" class="book-icon" alt="Table of Contents" />
  </label>
</div>


  
    <input type="checkbox" class="hidden" id="toc-control" />
    <aside class="hidden clearfix">
      
  <nav id="TableOfContents">
  <ul>
    <li><a href="#tcpdump">tcpdump</a>
      <ul>
        <li><a href="#常用参数">Common options</a></li>
        <li><a href="#特定协议">Specific protocol</a></li>
        <li><a href="#特定-ip-或-主机">Specific IP or host</a></li>
        <li><a href="#特定端口">Specific port</a></li>
        <li><a href="#read-more">Read More</a></li>
      </ul>
    </li>
  </ul>
</nav>


    </aside>
  
 
      </header>

      
      
  <article class="markdown"><h1 id="tcpdump">tcpdump</h1>
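<h2 id="常用参数">Common options</h2>
<ul>
<li>
<p><code>tcpdump -D</code> lists the interfaces available for capture</p>
</li>
<li>
<p><code>-i &lt;eth0&gt;</code> selects the network interface; list the available ones with <code>tcpdump -D</code></p>
</li>
<li>
<p><code>-c &lt;n&gt;</code> exits after capturing the specified number of packets</p>
</li>
<li>
<p><strong><code>-w &lt;file.pcap&gt;</code></strong> writes the captured data to disk; the file can be opened in Wireshark for analysis</p>
</li>
<li>
<p><strong><code>-s &lt;snaplen&gt;</code></strong> defaults to 64 bytes; setting it to 0 makes tcpdump choose a suitable length automatically when capturing packets</p>
</li>
<li>
<p><code>-v</code> | <strong><code>-vv</code></strong> | <code>-vvv</code> prints more detailed information</p>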
</li>
</ul>
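<p>Added example (not from the original page): a Python check for the effect of <code>-s &lt;snaplen&gt;</code> on a file written with <code>-w</code>. It reads the classic pcap headers and counts packets whose saved length is shorter than their on-the-wire length. The names <code>audit_pcap</code> and <code>sample_pcap</code> and the sample bytes are constructed for illustration; pcapng files are not handled.</p>

```python
import struct

# Classic pcap magic numbers as seen when the first 4 bytes are read little-endian.
# Value -> byte order of the rest of the file (microsecond and nanosecond variants).
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}


def audit_pcap(data: bytes) -> dict:
    """Report the snaplen of a classic pcap file and how many packets it cut short."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    order = MAGICS.get(struct.unpack("<I", data[:4])[0])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    snaplen, linktype = struct.unpack(order + "IHHiIII", data[:24])[5:]
    packets = truncated = bytes_lost = 0
    off = 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, incl_len (bytes saved), orig_len (bytes on the wire)
        incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])[2:]
        if off + 16 + incl_len > len(data):
            raise ValueError("record at offset %d runs past the end of the file" % off)
        packets += 1
        if incl_len < orig_len:  # payload beyond the snaplen was never written
            truncated += 1
            bytes_lost += orig_len - incl_len
        off += 16 + incl_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "bytes_lost": bytes_lost}


def sample_pcap(snaplen: int, order: str = "<") -> bytes:
    """Constructed capture (not real traffic): one 60-byte and one 1514-byte frame."""
    out = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for orig_len in (60, 1514):
        incl_len = min(orig_len, snaplen)
        out += struct.pack(order + "IIII", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return out


if __name__ == "__main__":
    # 64 and 262144 are sample snaplen values chosen for this illustration.
    for snap in (64, 262144):
        print(snap, audit_pcap(sample_pcap(snap)))
```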
<h2 id="特定协议">Specific protocol</h2>
<ul>
<li><code>tcpdump tcp</code></li>
<li><code>tcpdump udp</code></li>
</ul>
<h2 id="特定-ip-或-主机">Specific IP or host</h2>
<ul>
<li><strong><code>tcpdump host &lt;ip&gt;</code></strong></li>
<li><code>tcpdump host &lt;ip1&gt; and &lt;ip2&gt;</code> captures traffic between ip1 and ip2</li>
<li><code>tcpdump dst [host] &lt;ip&gt;</code> captures outbound traffic (<strong>requests only</strong>, no responses)</li>
<li><code>tcpdump src [host] &lt;ip&gt;</code> captures inbound traffic (<strong>responses only</strong>, no requests)</li>
</ul>
<h2 id="特定端口">Specific port</h2>
<ul>
<li>
<p><code>tcpdump port &lt;port&gt;</code></p>
</li>
</ul>
<h2 id="read-more">Read More</h2>
<ul>
<li>
<p>
  <a href="http://www.tcpdump.org/">Official site</a></p>
</li>
<li>
<p>
  <a href="https://linuxwiki.github.io/NetTools/tcpdump.html">tcpdump usage tips</a></p>
</li>
<li>
<p>
  <a href="https://www.cnblogs.com/ggjucheng/archive/2012/01/14/2322659.html">The Linux tcpdump command in detail</a></p>
</li>
<li>
<p>IBM 
  <a href="https://www.ibm.com/support/knowledgecenter/zh/ssw_aix_72/com.ibm.aix.cmds5/tcpdump.htm">tcpdump command</a></p>
</li>
</ul>
</article>
 
      

      <footer class="book-footer">
        
  <div class="flex justify-between">



  <div>
    
    <a class="flex align-center" href="https://github.com/hello-world-example/Linux/commit/d07f642a1d3d369f2ee692c45224763cdf4a7f29" title='Last modified by kaibin.yang | Dec 11, 2022' target="_blank" rel="noopener">
      <img src="/linux/svg/calendar.svg" class="book-icon" alt="Calendar" />
      <span>Dec 11, 2022</span>
    </a>
  </div>




</div>

 

      </footer>

      
  
  <div class="book-comments">

</div>
  
 

      <label for="menu-control" class="hidden book-menu-overlay"></label>
    </div>

    
    <aside class="book-toc">
      

 
    </aside>
    
  </main>

  
</body>

</html>












